SQL Injection Vulnerability in rslider_page's Update Functionality

CVE-2021-24557 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

The update functionality in the rslider_page uses an rs_id POST parameter which is not validated, sanitised or escaped before being inserted in sql query, therefore leading to SQL injection for users having Administrator role.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.